get-token

   1 #!/bin/bash
   2 # Get an AFS token for the given user.
   3 #
   4 # This is used to deliver mail with the appropriate credentials.
   5 #
   6 # Usage:
   7 #
   8 # get-token $USER
   9 # - If user is root, call this script as $USER
  10 #
  11 # get-token $USER norecurse
  12 # - Don't recursively call this script, even if user if root
  13
  14 REALUSER=$(whoami)
  15 USER=$1
  16 LOGFILE=/tmp/exim4/get-token-log.$USER
  17
  18 if [ "$REALUSER" = "root" ]; then
  19     if [ -n "$2" ]; then
  20         echo "Error: running as root even after trying to change to $USER" \
  21             > $LOGFILE
  22         exit 1
  23     fi
  24
  25     # Decide whether the user exists: getent returns 0 error code if so
  26     getent passwd "$USER" >/dev/null
  27     if [ $? -ne 0 ]; then
  28         echo "$USER is not a local user, so ignoring them"
  29         exit 1
  30     else
  31         exec su $USER -c "$0 $1 norecurse"
  32     fi
  33 fi
  34
  35 # fuse stdin and stderr
  36 exec 2>&1
  37
  38 # all future output goes to this file
  39 exec >& $LOGFILE
  40
  41 # print name of user
  42 echo "Running as user $REALUSER"
  43
  44 # set the credentials cache
  45 export KRB5CCNAME=FILE:/tmp/exim4/krb5cc_$USER.email
  46
  47 # eliminate any previous tokens
  48 kdestroy
  49 unlog
  50 KEYTAB=/etc/keytabs/user.daemon/$USER
  51
  52 # display command-to-be-invoked as a sanity check
  53 echo kinit -kt $KEYTAB $USER/daemon@HCOOP.NET
  54
  55 kinit -kt $KEYTAB $USER/daemon@HCOOP.NET
  56 aklog
  57
  58 # list tokens, for the sake of debugging
  59 #tokens